[tor-bugs] #3461 [Tor Browser]: minor tweaks for TBB to reduce data transfer and data leaking

["Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>]

#3461: minor tweaks for TBB to reduce data transfer and data leaking
-------------------------+--------------------------------------------------
 Reporter:  phobos       |          Owner:  mikeperry
     Type:  enhancement  |         Status:  new      
 Priority:  normal       |      Milestone:           
Component:  Tor Browser  |        Version:           
 Keywords:               |         Parent:           
   Points:               |   Actualpoints:           
-------------------------+--------------------------------------------------
 I've noticed the default TBB is quite permissive in its settings.  I am
 concerned that after a few hours of browsing in TBB, a large number of
 sites can track my current persona and know where I've been on the web,
 and what I've been doing.  If I screw up once and login to a website with
 my real identity, I've just tied anonymous me to real me.  I've been
 looking into the data stored in cache after some simple operations and how
 it is effected by changing the torbutton and noscript settings.  I wish I
 could export torbutton settings in some simple manner.

 I did a simple test this morning.
 1. I start up TBB 1.1.11 on linux.
 2. I click on the 'the tor blog' bookmark and let the page load.
 3. I then click on 'learn more about tor' bookmark and let the page load.
 4. On the tor website, I click on Press.
 5. Once the page loads, I click on volunteer.
 6. After the page loads, I decide to see what the weather is like at the
 tor office. I enter 'wunderground.com' in the awesome bar and let it load.
 7. I enter '02081' in the location and let it load.
 8. I click on the radar map and let it load.

 Attached are 3 pdfs and 1 text file.  Each pdf is named according to what
 it represents.

 1. The file 'default-TBB-settings-cache-data-leaking.pdf' represents the
 results from 'about:cache' after the eight steps above.
 2. I tweak some of the torbutton settings, specifically:
 a. Under 'security settings, dynamic content' I check 'Disable updates
 during Tor usage'.
 b. Under 'history', I check all boxes.
 c. Under 'forms', I check al boxes.
 d. Under 'cache', I check 'clear cookies on tor toggle'
 e. Under 'startup', I check 'On normal startup, set Tor state to tor', 'On
 session restored startup, set tor state to tor', and uncheck the two
 saving tabs options.
 f. Under 'shutdown', I check 'clear cookies during any browser shutdown'.

 The file named 'minor-tweaks-TBB-data-leaks.pdf' represents the cache
 after these changes and following the initial 7 steps.

 3. I configure noscript to be slightly more strict in what it allows for
 javascript and other options.  The file 'medium-tweaks-TBB-noscript-
 settings.txt' are these changes.  The file 'medium-tweaks-TBB-data-
 leaks.pdf' represents the cache after these changes and following the 7
 steps.

 The result appears to be for the same seven steps, with a tbb restart
 between each run a dramatic reduction in cached objects.

 Default TBB: 442 objects for 2.5MB in cache.  Lots of ad networks loaded
 in cache too.

 Minor TBB:  340 objects for 1.5MB in cache.  Lots of ad networks loaded in
 cache too.

 Medium TBB: 205 objects for 912KB in cache.  1 Facebook plugin, far few ad
 networks loaded in cache.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3461>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs